webclaw
All processing in your browser No file ever uploaded No tracking, no accounts

Password Generator

Generate strong, random passwords using your browser's cryptographic random source. Nothing is sent over the network.

Jump to FAQ ↓

click Generate

About this Password Generator

Reusing passwords is the single biggest cause of account takeovers. A unique, long, random password for every important account — stored in a password manager — is the modern standard. This generator uses the browser's crypto.getRandomValues() API, which is cryptographically secure and suitable for passwords.

How long should a password be?

  • 12 characters — minimum acceptable for everyday accounts.
  • 16–20 characters — recommended default for most uses.
  • 24+ characters — for sensitive accounts (email, banking, password manager master password).

What makes a password strong?

Strength is measured in entropy — roughly, how many guesses an attacker would need on average. Each random character drawn from a pool of size N adds log₂(N) bits. For example, 16 random characters from a 70-character pool yield about 98 bits of entropy, which is far beyond brute-force range with current technology.

Tips

  • Use a password manager. You should not need to memorize random passwords — store them in 1Password, Bitwarden, KeePass, or similar.
  • Enable two-factor auth on important accounts. A strong password is the first lock; 2FA is the second.
  • Avoid symbols only when needed. Some old systems reject certain symbols; if a site complains, regenerate without symbols rather than weakening the length.

Privacy

Passwords are generated locally with the Web Crypto API. They are never sent over the network, never logged, and are not stored anywhere by this site.

Frequently Asked Questions

Are these passwords cryptographically secure?

Yes. The generator uses the browser's built-in crypto.getRandomValues() API, which is a cryptographically secure pseudorandom number generator suitable for passwords, tokens, and keys.

Are generated passwords stored or logged anywhere?

No. Passwords are generated locally and exist only in your browser tab. They are not transmitted, logged, saved to history, or shared with any third party.

How long should my password be?

12 characters is the minimum acceptable for everyday accounts. 16 to 20 is recommended for most uses. 24 or more is appropriate for sensitive accounts such as email, banking, and your password manager master password.

Should I include symbols in my password?

Including symbols increases entropy slightly, but length matters more. A 20-character password without symbols is stronger than a 12-character password with symbols. If a website rejects symbols, increase the length instead.

What does "entropy" mean for passwords?

Entropy measures how unpredictable a password is, in bits. Each random character drawn from a pool of N characters adds log₂(N) bits. 80+ bits is strong; 100+ bits is very strong and currently considered uncrackable by brute force.

Why should I use a password manager too?

Strong passwords are useless if you reuse them. A password manager (Bitwarden, 1Password, KeePass) lets you have a unique strong password per site without memorizing any of them — you only memorize the one master password.